Privacy Policy

PRIVACY & COOKIES POLICIES

Last Updated: May 30, 2018

Privacy policy

This Privacy Policy is intended to describe for you, as an individual who is a user of www.bunabu.com doing business as happytoserve.com and all websites and URL’s controlled or operated by Bunabu Inc dba HappyToServe which link to this policy, unless otherwise specified) or our services, or otherwise provide us with information through various means the information we collect, how that information may be used, with whom it may be shared, and your choices about such uses and disclosures.

You have certain rights in relation to your data, including the right to object to processing based on legitimate interests, profiling (including the use of custom and lookalike/similar audiences), and direct marketing. At any time, you can exercise your rights by emailing us at [email protected]. For further details about our processing and your rights, please see below.

We encourage you to read this Privacy Policy carefully when using our website or services or transacting business with us. By using our website, you are accepting the practices described in this Privacy Policy.

About our site

Our site enables people to request quotes or information for the product or service shown or selected on this site (the “Product”).

The service that our site provides is to connect people who are looking to purchase the Product with relevant providers of the Product (“Service Providers”).

We may collect personal information that can identify you such as your name and email address and other information that does not identify you. When you provide personal information through our website, the information may be sent to servers located in the United States and Europe and other countries around the world.

How our site works

If you’d like to request and receive quotes or information for the Product (“Quotes”), please complete and submit our webform.

Once we’ve received your request, we’ll connect you with one or more relevant Service Providers. We’ll tell the Service Providers who you are, and your Product requirements, and they’ll then contact you directly with your requested Quotes.

You’ll see on our webform that we have a really clear consent statement. This statement sets out the Service Providers that will contact you.

You can choose which Service Provider to buy from. But you don’t have to buy from any of them. There’s no obligation to purchase.

We don’t work with any Service Providers until we have a legal contract in place. This is to ensure that they respect your data and rights by keeping your data secure and confidential, limiting their use of your data (i.e. to providing you with the requested Quotes), and not sharing your data with anyone else.

What we don’t do with your data

Before confirming what data we collect, and why, here’s what we definitely don’t do with your data, unless clearly set out in this notice:

• We don’t share it with anyone else.• We don’t use it for any purpose (including commingling across multiple advertisers’ campaigns or allowing piggybacking or redirecting with tags), except on an aggregate and anonymous basis, and only to assess the performance and effectiveness of our advertising campaigns.• We don’t use it to build, append to, edit, influence or augment user profiles, including profiles associated with any mobile device identifier or other unique identifiers that identify any particular user, browser, computer or device.• We don’t transfer it (including any anonymous, aggregate or derived data) to any advertising network, advert exchange, data broker, or other advertising or monetisation-related service.

What data we collect and how

If you complete our webform in order to request Quotes, it will ask you for your contact details, such as your name, email address, telephone number, postal address, and/or postal code.

In general, we may collect personal information that can identify you such as your name and email address and other information that does not identify you. When you provide personal information through our website, the information may be sent to servers located in the United States, the Netherlands, Spain and other countries around the world.

•Information you provide. We may collect and store any personal information you enter on our website or provide to us in some other manner. This includes identifying information, such as your name, address, e-mail address, telephone number, credit card information, and other personally identifiable information.• Information from other sources. We may also periodically obtain both personal and non-personal information about you from any other of our businesses, business partners, contractors and other third parties. Examples of information that we may receive include: updated delivery and address information, purchase history, and additional demographic information.

Use of cookies and other technologies to collect information. We use various technologies to collect information from your computer and about your activities on our site.

• Information collected automatically. We automatically collect information from your browser when you visit our website. This information includes your IP address, your browser type and language, access times, the content of any undeleted cookies that your browser previously accepted from us (see “Cookies” below), and the referring website address.• Cookies. When you visit our website, we may assign your computer one or more cookies, to facilitate access to our site and to personalize your online experience. Through the use of a cookie, we also may automatically collect information about your online activity on our site, such as the web pages you visit, the links you click, and the searches you conduct on our site. Most browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies. If you choose to decline cookies, please note that you may not be able to sign in or use some of the interactive features offered on our website.• Other Technologies. May use standard Internet technology, such as web beacons and other similar technologies, to track your use of our site. We also may include web beacons in promotional [or other] e-mail messages or newsletters to determine whether messages have been opened and acted upon. The information we obtain in this manner enables us to customize the services we offer our website visitors to deliver targeted advertisements and to measure the overall effectiveness of our online advertising, content, programming or other activities.• Information collected by third parties. We may allow third-parties, including our authorized service providers, Bunabu leads generating websites, advertising companies, and ad networks, to display advertisements on our site. These companies may use tracking technologies, such as cookies to collect information about users who view or interact with their advertisements. Our website does not provide any personal information to these third parties. This information allows them to deliver targeted advertisements and gauge their effectiveness. Some of these third-party advertising companies may be advertising networks that are members of the Network Advertising Initiative, which offers a single location to opt out of ad targeting from member companies (www.networkadvertising.org).

From time to time, we change our webforms, and so they may ask you for other information. It will always be clear from the webform what information we’re requesting, and we only request information that is relevant to your request, and the service that we’re providing.

We also store and share Internet Protocol (IP) addresses, as explained below. Every computer or device has an IP address – a unique number – which enables it to communicate with other computers and devices over the Internet.

We may monitor and/or record these calls for the purposes of quality control and staff training. Also, occasionally, we may need to provide Service Providers with limited access to such recordings in order to resolve disputes.

Additionally, we might collect data about you if you:

• Contact us, or we contact you, by email, telephone or post.• Post comments, material or other content on our site.

How we use your data

We use your data (described above) in the following ways.

To connect you with relevant Service Providers.

As explained above, if you submit our webform, we’ll pass your request to one or more relevant Service Providers (named on the consent statement). We will do this in a secure way. For example, using HTTP Secure (HTTPS), which means the data is encrypted. The Service Providers then contact you directly with your quotes. They may contact you by telephone, email, text/SMS or other digital services.

Before we pass your request to any Service Providers, our service may involve an element of automated decision-making. Our technology platform may automatically assess your Product requirements and pass your request to such Service Providers that would like to receive requests for Quotes at the time your request is made.

We store IP addresses in order to stop unwanted traffic (i.e. spam) to our site. For example, if we become aware that spam is coming from a particular IP address (i.e. computer or location), we can block that IP address. From time to time, we also share IP addresses with Service Providers to enable Service Providers to verify that requests for Quotes have come from a particular country.

To email you about similar products and services – But only if you haven’t opted out of such emails

If you use our quote request service, then, as an existing user, we would like to email you, or send you text/SMS messages, about similar products and services for which we think you might like quotes or information (“Other Products”).

You will always be given an opportunity to opt out of such messages before we send them, and we will not send such messages if you have opted out.

To create custom and lookalike/similar audiences.

We like to work with Facebook, Google and other platforms (“Platforms”) to reach out to you with adverts for Other Products. We also like to use Platforms to reach out to other people who might like to use our quote request service.

We do this in two ways. In both cases, your data, along with other data, is used to create a custom audience and/or a lookalike/similar audience. Whenever an audience is shared with a Platform, the data is first hashed and pseudonymised, meaning that any data within the audience that could identify a person is replaced with an artificial identifier. So, the process is secure. Also, we don’t share more data than we need to for the purpose of creating the audience.

• Custom audience – A custom audience is a list of existing users of our service (“Existing Users”). From time to time, we share this with Platforms. As explained above, the data is first hashed and pseudonymised. The Platform uses this audience to show our Existing Users our adverts for Other Products.• Lookalike/similar audience – A lookalike/similar audience is an audience created by the Platform. From time to time, we share with Platforms a list of Existing Users. The Platform uses this list to find and create lookalikes – i.e. other Platform users who have similar characteristics to the Existing Users – to which it shows our adverts. Again, as explained above, the data is first hashed and pseudonymised.

As we explain below, at any time, you may object to such activity by emailing us at [email protected].

Receiving data from Service Providers

From time to time, Service Providers may return data to us. They may do this if they have a query regarding a request for Quotes that we have sent to them in order to enable us to resolve the query. They may also return data to us, together with confirmation on whether or not a product has been purchased, in order to enable us to improve our marketing. We may also use such data to create custom and lookalike/similar audiences, as explained above.

Working with suppliers

We work with a number of suppliers, who process data on our behalf. These include cloud storage providers, email service providers, and cloud telephony providers. We have appropriate contracts in place with such suppliers to ensure the protection and confidentiality of data.

Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. At the bottom of this policy, we have included a table, setting out what cookies we use, and the purposes for which we use them.

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.

Transferring your data

Depending on the countries in which you’re looking for Service Providers, we may transfer your data outside the European Economic Area (the “EEA”). For example, if you’re looking for Service Providers in the USA, we may need to transfer your data to the USA.

Some of those countries (e.g. Canada, New Zealand, USA) have a European Commission adequacy decision, which means they are considered to offer an adequate level of data protection.

Other countries do not have the same level of legal protection as countries in the EEA, or with an adequacy decision. If we do transfer your data in this way, we will take steps to ensure that it is protected to the same levels that apply in the EEA. This may include, for example, ensuring that the organization receiving the data is registered with the EU-US Privacy Shield (in the case of transfers to the USA), or that we use the EU’s model contract clauses.

Storing your data

We have a data retention policy, which clearly sets out how long we keep data for, and for what reasons.

We will keep your data only for as long as is necessary to fulfil the purpose/s for which it was collected in the first place, i.e. as set out in this notice.

For example:• We will keep your request for Quotes for 12 months after you make the request to enable us to resolve any queries from Service Providers, should they arise.• If you haven’t opted out of receiving marketing from us, we will keep your details, and send you emails, until such time as you don’t engage with our emails for a period of 12 consecutive months.

Following the periods set out above, we will not use the data, save that we will hash/anonymise the same, and retain it for a further 3 years for compliance purposes.

Legal grounds

This notice sets out (above) how we use your data. Under the GDPR, controllers must have a valid lawful basis for each processing activity that they undertake. This section sets out our lawful basis for each activity.

Activity

Lawful Basis under the GDPR

Your Rights

To connect you with relevant Service Providers

Consent

To withdraw your consent, as explained below

The automated decision-making explained above

Legitimate interests

You have the right to object to processing based on legitimate interests

Using and sharing IP addresses

Legitimate interests

You have the right to object to processing based on legitimate interests

To call you to confirm your details or requirements

Consent

To withdraw your consent, as explained below

Sharing call recordings with Service Providers

Legitimate interests

To object to processing based on legitimate interests

To email you about similar products and services

Legitimate interests

To object to processing based on legitimate interests. You also have the right to object to direct marketing

To create custom and lookalike/similar audiences

Legitimate interests

You have the right to object to processing based on legitimate interests

Receiving data from Service Providers

Legitimate interests

You have the right to object to processing based on legitimate interests

Activity Lawful Basis under the GDPR Your Rights

To connect you with relevant Service Providers Consent To withdraw your consent, as explained below
The automated decision-making explained above Legitimate interests You have the right to object to processing based on legitimate interests
Using and sharing IP addresses Legitimate interests You have the right to object to processing based on legitimate interests
To call you to confirm your details or requirements Consent To withdraw your consent, as explained below
Sharing call recordings with Service Providers Legitimate interests To object to processing based on legitimate interests
To email you about similar products and services Legitimate interests To object to processing based on legitimate interests. You also have the right to object to direct marketing

To create custom and lookalike/similar audiences Legitimate interests You have the right to object to processing based on legitimate interests
Receiving data from Service Providers Legitimate interests You have the right to object to processing based on legitimate interests.
*Under the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), we send such emails on the basis of the existing customer (soft opt-in) exemption.
In each case where we have identified legitimate interests as the legal basis for our processing, we have conducted a legitimate interests assessment.

Your rights

Under the GDPR, you have a number of rights. In relation to our site, and the service that we provide, those rights are set out in the table above. We further explain these rights, and your other rights, below.

Right of access – You have the right at any time to ask us for a copy of the personal information that we hold about you, and to check that we are lawfully processing it.

Right of rectification – If personal information that we hold about you is not accurate or is out of date and requires amendment or correction you have a right to have the data rectified or completed.

Right of erasure – In certain circumstances, you have the right to request that personal information we hold about you is erased (e.g. if the information is no longer necessary for the purposes for which it was collected or processed).

Right to object to or restrict processing – In certain circumstances, you have the right to object to our processing of your personal information. For example, if we are processing your information on the basis of our legitimate interests, and there are no compelling legitimate grounds for our processing which override your rights and interests.

Right of data portability – In certain instances, you have a right to receive any personal information that we hold about you in a structured, commonly used and machine-readable format.

Right to withdraw consent – In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.

Exercising your rights

As explained above, you can exercise your right to withdraw consent or if you wish to exercise any of your other rights under the GDPR, please email us at [email protected]. Alternatively, you can write to us at the address set out above, or inform us if you speak with us on the phone.

Contacting us

If you have any questions about this Privacy Policy or our information-handling practices, or if you would like to request information about our disclosure of personal information to third parties for their direct marketing purposes, please contact us by e-mail to [email protected].

For our Canadian users:

Your rights to access your personal information are not absolute. We may deny access:• When denial of access is required by law• When granting you access would have an unreasonable impact on other people’s privacy;• To protect our Company’s rights and property; or• Where the request if frivolous or vexatious.

If we deny your request for access to, or refuse a request to correct personal information, we will explain why.

Your California Privacy Rights

If you are a resident of California, in addition to the rights set forth above, you have the right to request information from us regarding the manner in which we share certain categories of personal information with third parties for their direct marketing purposes. California law gives you the right to send us a request at a designated address to receive the following information:

1. The categories of information we disclosed to third parties for their direct marketing purposes during the preceding calendar year
2. The names and addresses of the third parties that received that information; and
3. if the nature of the third party’s business cannot be determined from their name, examples of the products or services marketed.

We may provide this information in a standardized format that is not specific to you. The designated email address for these requests is [email protected]

CHILDREN’S PRIVACY
Our website is a general audience site, and we do not knowingly collect personal information from children under the age of 13.

NO RIGHTS OF THIRD PARTIES
This Privacy Policy does not create rights enforceable by third parties or require disclosure of any personal information relating to users of the website.

CHANGES TO THIS PRIVACY POLICY
We will occasionally update this Privacy Policy to reflect changes in our practices and services. When we post changes to this Privacy Policy, we will revise the “last updated” date at the top of this Privacy Policy. If we make any material changes in the way we collect, use, and/or share your personal information, we will notify you by posting the updated policy on our website, with a link denoting that the policy has been updated. We recommend that you check our website from time to time to inform yourself of any changes in this Privacy Policy or any of our other policies.